20 matches found
CVE-2026-3293
A flaw was found in snowflake-jdbc. A local user can exploit a vulnerability in the SdkProxyRoutePlanner function by manipulating the nonProxyHosts argument. This manipulation leads to inefficient regular expression complexity, which can result in a Denial of Service (DoS) condition...
net.snowflake:snowflake-jdbc-thin (=4.0.0), org.apache.hadoop:hadoop-aws (=3.4.2) +6 more potentially affected by CVE-2025-14763 via software.amazon.encryption.s3:amazon-s3-encryption-client-java (>=3.1.1 <=3.5.0)
software.amazon.encryption.s3:amazon-s3-encryption-client-java MAVEN version =3.1.1, =2.7.0, =2.7.0, =2.7.0, =2.7.0, =2.7.0, =2.7.0, =2.7.2 Source cves: CVE-2025-14763 Source advisory: OSV:GHSA-X44P-GVRJ-PJ2R...
EUVD-2025-12596
Malicious code in bioql PyPI...
Go Snowflake Driver has race condition when checking access to Easy Logging configuration file
...
CVE-2025-24791
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This...
GO-2025-3650 Go Snowflake Driver has race condition checking access to Easy Logging config file in github.com/snowflakedb/gosnowflake
Go Snowflake Driver has race condition checking access to Easy Logging config file in github.com/snowflakedb/gosnowflake...
CVE-2025-46328 NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions from 1.10.0 to before 2.0.4 are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a user-provided...
CVE-2025-46327 Go Snowflake Driver has race condition when checking access to Easy Logging configuration file
gosnowflake is the Snowflake Golang driver. Versions from 1.7.0 to before 1.13.3 are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a user-provided file. On Linux and...
Go Snowflake Driver has race condition when checking access to Easy Logging configuration file
Issue: Snowflake discovered and remediated a vulnerability in the Go Snowflake Driver (“Driver”). When using the Easy Logging feature on Linux and macOS, the Driver didn’t correctly verify the permissions of the logging configuration file, potentially allowing an attacker with local access to...
GHSA-6JGM-J7H2-2FQG Go Snowflake Driver has race condition when checking access to Easy Logging configuration file
Issue: Snowflake discovered and remediated a vulnerability in the Go Snowflake Driver (“Driver”). When using the Easy Logging feature on Linux and macOS, the Driver didn’t correctly verify the permissions of the logging configuration file, potentially allowing an attacker with local access to...
Snowflake ODBC Driver security vulnerability
Snowflake ODBC Driver is a powerful tool from Snowflake to connect to a live Snowflake data warehouse directly from any application that supports ODBC connectivity. A security vulnerability exists in Snowflake ODBC Driver versions prior to 3.7.0, which stems from logging sensitive information and...
GHSA-Q298-375F-5Q63 Snowflake JDBC Driver client-side encryption key in DEBUG logs
Issue: Snowflake discovered and remediated a vulnerability in the Snowflake JDBC driver (“Driver”). When the logging level was set to DEBUG, the Driver would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not...
Snowflake JDBC Driver log information disclosure vulnerability
Snowflake JDBC Driver is an open source Snowflake JDBC driver from Snowflake Computing. A log information disclosure vulnerability exists in Snowflake JDBC Driver versions 3.0.13 through 3.23.0, which stems from the Driver locally logging the client-side encryption master key for the target phase...
CVE-2025-24791
CVE-2025-24791 affects snowflake-connector-nodejs (Snowflake NodeJS Driver) on Linux. The vulnerability allows bypassing file permissions checks for the temporary credential cache, exploitable by an attacker with write access to the local cache directory. Affected versions are 1.12.0 through 2.0....
CVE-2025-24792 Snowflake PHP PDO Driver has a Signed-to-Unsigned Conversion Error
Snowflake PHP PDO Driver is a driver that uses the PHP Data Objects (PDO) extension to connect to the Snowflake database. Snowflake discovered and remediated a vulnerability in the Snowflake PHP PDO Driver where executing unsupported queries like PUT or GET on stages causes a signed-to-unsigned...
PT-2025-5573 · Snowflake · Snowflake Php Pdo Driver
Name of the Vulnerable Software and Affected Versions: Snowflake PHP PDO Driver versions 0.2.0 through 3.0.3 Description: The issue arises when executing unsupported queries, such as PUT or GET on stages, which causes a signed-to-unsigned conversion error. This error results in the application...
PHP PDO driver for Snowflake security vulnerability
PHP PDO driver for Snowflake is an open source PHP PDO driver from Snowflake Computing. A security vulnerability exists in the PHP PDO driver for Snowflake, which originates from a stage where execution of an unsupported query can result in a signed-to-unsigned conversion error, which can cause t...
GHSA-4G3J-C4WG-6J7X Snowflake JDBC vulnerable to command injection via SSO URL authentication
Snowflake JDBC driver is vulnerable to command injection via SSO URL authentication. The vulnerability was patched on March 17, 2023 as part of Snowflake JDBC driver Version 3.13.29. An attacker could set up a malicious, publicly accessible server which responds to the SSO URL with ...